“An SPE system may have been obtained by an unauthorized party, who then may have uploaded malware,” Schaberg wrote in an email dated February 12, 2014. Staffers addressed on the email, including Sony chief counsel Leah Weil, were told “the investigation is ongoing.”

Schaberg followed up her note with confirmation that server data was indeed taken — from SpiritWORLD, a third party company subcontracted by Sony to store innumerable documents relating to finance, distribution and more.

In terms of the studios’ internal and FBI probes, an individual familiar with the situation told TheWrap a new theory has been floating: if North Korea is involved in the breach, as has been speculated, the country had assistance from within the company.